Security Advisory

CVE-2026-24881

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-27 18:36:56
Last updated 2026-06-30 12:06:35
Assigner mitre
State PUBLISHED

Description

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.